Daily Blog #186: ANJP v3 Beta Release Announcement

Hello Reader, I’m happy to announce a pretty big milestone for us in the G-C labs: ANJP v3 Beta! If you’ve been watching the Forensic Lunch, you know about the new features and capabilities we’ve been adding as we work our way to a commercial tool release to go alongside our free parser. We think that this beta release is a pretty significant step towards that goal.

What’s new in V3?

We’ve ported the GUI from win32 to WX, which means that once we figure out the details we’ll have GUI compiled versions of ANJP for Mac and Linux alongside Windows.

Rather than just dumping out text files, which it can still do, you can now export directly to Excel xlsx files.

The GUI has been extended beyond just “select files and process” to include a report viewing option that will allow you to:

View, search and export the MFT

View, search and export the USNJrnl

View, search and export the $LogFile

View transaction-based events such as file creations, deletions and renames

View change-based events such as timestamp changes, what was burned to CD and more

We’ve developed an XML-based rules engine that we’ve populated with some sample rules. The rules engine is still under development to expose all the underlying options within the MFT/USN/$LogFile, but it’s very functional right now.

You can now specify your own rules or IOCs and the parser will show you what matches.

Adding rules will not require you to reparse the data!

Full Unicode Support

Fixes for weird one-off journals we’ve been sent (thanks to those who’ve done so!)